Breach Reporting

Extend the Security of Your Data with Breach Reporting

Legislation regarding data privacy is increasingly strict, and the procedures needed to remain compliant when facing data breaches are intricate. Breach Reporting assures that your business remains protected from hefty fines and other penalties that can result from improper reporting to authorities. With a single call, you can accurately file all necessary reports, notify affected individuals, and avoid missing any requirements.

Reduce Risk with the Readiness Program

The opportunities for a data breach to occur range from hackers to human error. The Readiness Program will enable you to uncover and correct your risk areas. It’s simple:

• Take the online self-assessment at your own pace.
• Receive a report detailing your risk areas
• Implement policies and best practices
• Receive a Certificate of Completion and ID Stay Safe Seal

Be ready with CSR Breach Reporting Service

Should a data breach occur, simply call the CSR Breach Reporting Hotline. A team of IAPP certified professionals will take it from there:

• Gather incident details from you
• Accurately complete and file reports
• File notices as needed to authorities
• Handle the task of notifying affected individuals

Remember the types of Personally Identifiable Information (PII) breached can include DEIN numbers, Bank account numbers, and other Corporate data. As well as, data you collect from your clients, for example, credit card numbers and social security numbers.

Some Examples of Breaches and The Costs Associated

Vermont Grocer Fined $15,000
Incurred Another $15,000 to Implement New System

1. Penalized for slow data breach response, Natural Provisions violated state’s Security Breach Notice Act and Consumer Protection Act, failed to protect consumer data, and was required to implement a new POS system.
2. Natural Provisions stated the breach occurred because it “was unaware of legal obligations due to data breach…”

Small Business Data Breach Triggers $50,000 Fine

1. The Hospice of North Idaho agreed to pay the U.S. Department of Health and Human Services $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule after a laptop was stolen containing sensitive information of 441 patients.
2. The hospice had not conducted a risk analysis to safeguard electronic Protected Health Information (ePHI) and did not have policies or procedures in place to address mobile device security as required by the HIPAA Security Rule.
3. https://www.hhs.gov/news/press/2013pres/01/20130102a.html